Anonymous
2024-10-12 21:20:02
(1 month ago)
| Multiple SQL injection attempts from same source ip.(multiple servers)
Hacking
SQL Injection
Web App Attack
TheMadBeaker
2024-10-11 13:00:32
(1 month ago)
Fail2Ban Ban Triggered
HTTP SQL Injection Attempt
Hacking
SQL Injection
TPI-Abuse
2024-08-10 20:57:02
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:240335) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 16:56:55.451045 2024] [security2:error] [pid 3230:tid 3238] [client 156.146.35.182:3013] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.146.35.182 (+1 hits since last alert)|luxury.property-management-companies-chicago.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "luxury.property-management-companies-chicago.com"] [uri "/xmlrpc.php"] [unique_id "ZrfUFzZ83sd0cJ-k6qrUVgAAAUY"] show less
Brute-Force
Bad Web Bot
Web App Attack
weblite
2024-08-06 06:30:03
(3 months ago)
WP_AUTHOR_SCANNING WP_XMLRPC_ABUSE
Brute-Force
Web App Attack
TPI-Abuse
2024-08-05 20:15:06
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:240335) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 16:15:01.385656 2024] [security2:error] [pid 31874:tid 31874] [client 156.146.35.182:26142] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.146.35.182 (+1 hits since last alert)|villadushimambo.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "villadushimambo.com"] [uri "/xmlrpc.php"] [unique_id "ZrEyxQRvq3oymGiPvOciQwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-04 22:52:26
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 04 18:52:20.990738 2024] [security2:error] [pid 724:tid 724] [client 156.146.35.182:37191] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tarekshohaieb.online|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tarekshohaieb.online"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZrAGJJeH2BDyuBiErlmJvgAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-03 04:11:26
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 00:11:18.712970 2024] [security2:error] [pid 1187278:tid 1187300] [client 156.146.35.182:25311] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.greaternorthmiamihistory.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.greaternorthmiamihistory.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zq2t5t5Tq8NQI5iTSZ1OfgAAARA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-11 15:42:25
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 11 11:42:19.092355 2024] [security2:error] [pid 20474] [client 156.146.35.182:3552] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||worldpeaceholidaycards.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "worldpeaceholidaycards.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zo_9W5D2xpVP_DXncf1P-AAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-25 22:12:23
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 25 18:12:19.419910 2024] [security2:error] [pid 14096] [client 156.146.35.182:1631] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.compasscommerce.biz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.compasscommerce.biz"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZntAwxc_lOVnStNgDcFQVQAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-12 10:49:26
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 12 06:49:22.085086 2024] [security2:error] [pid 15842] [client 156.146.35.182:21570] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||chip18.cc|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chip18.cc"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zml9MlsaCK4FF0O1QZeRyAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-03 06:48:59
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 02:48:55.729690 2024] [security2:error] [pid 14686] [client 156.146.35.182:1113] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.coachdonjacks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.coachdonjacks.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zl1nV2Jzt1CJv2uGssbddwAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-28 02:46:06
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 27 22:46:02.448104 2024] [security2:error] [pid 1433] [client 156.146.35.182:27791] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bigkevsperformance.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bigkevsperformance.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZlVFaioIqIc1dK4xYh_J5wAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
applemooz
2024-05-22 06:28:16
(5 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
TPI-Abuse
2024-05-18 15:03:37
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): ... show more (mod_security) mod_security (id:225170) triggered by 156.146.35.182 (unn-156-146-35-182.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 18 11:03:33.086459 2024] [security2:error] [pid 12284] [client 156.146.35.182:41204] [client 156.146.35.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||arabou.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arabou.co"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZkjDRRlSpvWFFzjc3ZnuxQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-04-23 04:00:06
(6 months ago)
Unauthorized login attempts [ wordpress-xmlrpc]
Brute-Force
Web App Attack